Computer Forensics
What is computer forensics?
Computer forensics (also referred to as digital forensics) is the analysis of information contained within and created with computer systems and computing devices. The goal of computer forensics is to explain the present condition of a digital artefact, which can include a computer system, an electronic document or a storage medium.
The examination and evidence
The examination of such artefacts must be undertaken in a manner, which complies with the Rules of Evidence and which produces evidence of criminal activity in a format that will be acceptable in court. The prevailing principle of computer forensics is that artefacts examined, should not be affected by such an examination. Examinations by subsequent investigators should, therefore, produce the same results, irrespective of the tools used.
Why is it important?
There are several reasons for using computer forensics:
- To analyse a computer system after a break in, e.g. to determine how they gained access.
- To gather evidence against an employee, for example in a disciplinary situation.
- To gain information about how computer systems work for the purpose of performance optimisation or debugging.
- To recover data in the event of a failure (hardware or software).
- To analyse computer systems belonging to defendants in legal cases.
Find out more ...
IT Governance Ltd offers various resources. Choose from one of the following to learn how we might help you:
